Previous Topic: Protecting setuid and setgid ProgramsNext Topic: Conditional Access


Define setuid/setgid Programs Automatically

CA ControlMinder provides a way to define all your setuid and setgid programs automatically. Use the utility program /bin/seuidpgm to build the set of commands to define all the setuid programs and their permissions.

For example, to scan the entire file system for setuid and setgid programs and write the generated selang commands to the file /tmp/pgm_script, enter the following selang command:

# seuidpgm ‑qln / ‑x /home > /tmp/pgm_script

You can edit and modify the output file generated by seuidpgm according to your needs before submission.

Note: For more information about the seuidpgm utility, see the Reference Guide. To learn how to give similar protection to programs that are neither setuid nor setgid programs, see the SECFILE class in the Reference Guide.